Browser Hangs Too Much! [Solved]

Browser slow Computer slow Hanging browser

  • This topic is locked
74 replies to this topic

#1 Bperkins7468

  • Authentic Member
  • 92 posts

Posted 06 April 2014 - 10:37 PM

I just got AT&T internet a month ago but now whenever I go to a website, my browser hangs far too long. If I go to YouTube, the videos buffer too long. I don't know what's going on, and it's super frustrating!

I ran Malwarebytes and it doesn't show any virus but I don't know what else to do.

 

Please help!


Edited by Bperkins7468, 06 April 2014 - 10:38 PM.



#2 Bperkins7468

  • Authentic Member
  • 92 posts

Posted 07 April 2014 - 12:47 AM

Here is my OTL report:

 

OTL logfile created on: 4/6/2014 9:42:49 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Byron\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 55.75% Memory free
7.93 Gb Paging File | 5.87 Gb Available in Paging File | 74.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 48.97 Gb Free Space | 42.06% Space Free | Partition Type: NTFS
Drive D: | 331.01 Gb Total Space | 167.13 Gb Free Space | 50.49% Space Free | Partition Type: NTFS
 
Computer Name: BYRON-PC | User Name: Byron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Byron\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Byron\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (BlackBerry Limited)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll ()
MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll ()
MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater18.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RIM Tunnel Service) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)
SRV - (RIM MDNS) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)
SRV - (BlackBerry Device Manager) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (BlackBerry Limited)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (BlackBerry Limited)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (rimvndis) -- C:\Windows\SysNative\drivers\rimvndis6_AMD64.sys (Research in Motion Limited)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ZTEusbgps) -- C:\Windows\SysNative\drivers\ZTEusbgps.sys (ZTE Incorporated)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (tmobile_mf691_dc_enum) -- C:\Windows\SysNative\drivers\tmobile_mf691_dc_enum.sys (T-Mobile)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1024417699&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {D3245D6C-6383-4823-9EF2-FA463514A51C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...7-025031DC0501}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 B2 34 07 86 1E CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{9E94E40B-C742-41CB-BAC0-BD5D590DCCA5}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{B4D84896-6918-41DD-B848-1268BE62AF29}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...73AE67ED&SSPV="
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Byron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Byron\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014/03/03 14:13:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/03/15 18:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/02 01:40:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/02 01:40:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/02 01:40:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/02 01:40:41 | 000,000,000 | ---D | M]
 
[2011/06/14 09:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Byron\AppData\Roaming\Mozilla\Extensions
[2014/03/02 00:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\extensions
[2014/03/31 05:41:41 | 000,000,861 | ---- | M] () -- C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\searchplugins\conduit-search.xml
[2014/03/02 01:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/02 01:40:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: avast! Online Security = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: Google Wallet = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/01/02 21:03:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - No CLSID value found.
O2:64bit: - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Byron\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\inbox - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O27:64bit: - HKLM IFEO\alu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\backache.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\backbone.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\controldeck.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\facebookmessenger.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\facemgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\icloud.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\icloudweb.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\logonmgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\p4gxui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\shellstreamsshortcut.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\alu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\backache.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\backbone.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\controldeck.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\facebookmessenger.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\facemgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\icloud.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\icloudweb.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\logonmgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\p4gxui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\shellstreamsshortcut.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/01 15:23:05 | 000,000,000 | ---D | C] -- C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email_files
[2014/03/30 17:12:07 | 000,000,000 | ---D | C] -- C:\Users\Byron\Desktop\Tools in Spanish
[2014/03/21 18:11:47 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2014/03/21 18:11:47 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2014/03/21 14:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/03/21 14:17:01 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/03/21 14:16:33 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\SearchProtect
[2014/03/19 20:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/03/18 23:21:14 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Optimizer Pro
[2014/03/18 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/03/18 13:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
[2014/03/18 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2014
[2014/03/18 13:11:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014/03/18 12:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2014/03/18 12:13:39 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Nero
[2014/03/18 12:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2014/03/18 12:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2014/03/18 02:02:23 | 000,000,000 | ---D | C] -- C:\Users\Byron\Documents\Optimizer Pro
[2014/03/18 01:57:06 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\IObit
[2014/03/18 01:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evonsoft Computer Repair
[2014/03/18 01:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evonsoft Computer Repair
[2014/03/17 20:34:15 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Ahead
[2014/03/16 22:13:34 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2014/03/16 22:13:31 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL
[2014/03/15 18:09:04 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\AVAST Software
[2014/03/15 18:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/03/15 18:08:15 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/03/15 18:08:13 | 001,038,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/15 18:08:13 | 000,421,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/03/15 18:08:13 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/15 18:08:13 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/15 18:08:11 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/15 18:08:06 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/15 18:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/15 18:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/03/13 00:54:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/13 00:54:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/13 00:54:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/13 00:54:14 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/13 00:54:14 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/13 00:54:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/13 00:54:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/13 00:54:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/13 00:54:13 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/13 00:54:13 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/13 00:54:12 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/13 00:54:11 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/13 00:54:11 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/13 00:54:10 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/13 00:54:10 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/13 00:54:09 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/13 00:54:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/13 00:54:08 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/13 00:54:07 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/13 00:54:07 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/13 00:54:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/13 00:54:06 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/13 00:54:05 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/13 00:54:05 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/13 00:51:05 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/13 00:51:05 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/13 00:45:56 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/13 00:45:56 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/13 00:45:56 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/12 08:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/03/12 08:17:08 | 005,777,288 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/03/07 23:51:57 | 000,000,000 | ---D | C] -- C:\Users\Byron\Documents\Nero Home
[2014/03/07 23:23:53 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\Ahead
[2014/03/07 23:06:47 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2014/03/07 23:06:47 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2014/03/07 22:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2008/08/11 22:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/06 21:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/04 11:01:02 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/04 11:01:02 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/04 10:53:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/03 00:06:01 | 000,000,875 | ---- | M] () -- C:\Users\Byron\Desktop\BitTorrent.lnk
[2014/04/03 00:06:01 | 000,000,855 | ---- | M] () -- C:\Users\Byron\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/01 15:23:05 | 000,225,686 | ---- | M] () -- C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm
[2014/03/30 23:40:33 | 000,422,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/30 21:01:30 | 002,409,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/30 21:01:30 | 000,731,358 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/30 21:01:30 | 000,006,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/29 02:03:52 | 028,708,780 | ---- | M] () -- C:\Users\Byron\Desktop\Prosperity_II.mp3
[2014/03/29 02:00:25 | 028,680,359 | ---- | M] () -- C:\Users\Byron\Desktop\Prosperity_I.mp3
[2014/03/25 19:55:57 | 008,407,552 | ---- | M] () -- C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps
[2014/03/22 20:15:27 | 000,089,846 | ---- | M] () -- C:\Users\Byron\Desktop\rolex-rose-gold-president.jpg
[2014/03/20 22:49:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
[2014/03/20 22:49:07 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
[2014/03/20 22:28:22 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
[2014/03/20 22:28:22 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
[2014/03/20 08:06:17 | 000,129,829 | ---- | M] () -- C:\Users\Byron\Desktop\2015-bentley-continental-gt-speed-coupe-photo-578362-s-1280x782.jpg
[2014/03/19 20:37:10 | 001,784,242 | ---- | M] () -- C:\Users\Byron\Desktop\Customer Appreciation.pdf
[2014/03/18 21:44:53 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/18 21:44:53 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/18 13:15:09 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2014/03/18 13:15:09 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
[2014/03/17 15:11:54 | 000,175,358 | ---- | M] () -- C:\Users\Byron\Desktop\Customer Acquisition.pdf
[2014/03/17 15:04:12 | 002,318,360 | ---- | M] () -- C:\Users\Byron\Desktop\customer-acquisition.pdf
[2014/03/17 07:07:19 | 028,711,643 | ---- | M] () -- C:\Users\Byron\Desktop\Forgiveness_II.mp3
[2014/03/17 07:07:12 | 000,666,948 | ---- | M] () -- C:\Users\Byron\Desktop\ListeningInstructionandScripts.pdf
[2014/03/17 07:07:10 | 028,711,849 | ---- | M] () -- C:\Users\Byron\Desktop\Forgiveness_I.mp3
[2014/03/15 18:08:54 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/15 18:08:07 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/15 18:08:07 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/03/15 18:08:07 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/15 18:08:07 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/15 18:08:07 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/15 18:08:07 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/03/15 18:08:07 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/15 18:08:07 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/15 18:08:06 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/15 17:17:11 | 000,007,597 | ---- | M] () -- C:\Users\Byron\AppData\Local\Resmon.ResmonCfg
[2014/03/12 08:17:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/12 08:17:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/12 08:17:08 | 005,777,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/03/08 10:25:53 | 000,001,170 | ---- | M] () -- C:\0
[2014/03/07 22:37:49 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Link.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/03 00:06:01 | 000,000,875 | ---- | C] () -- C:\Users\Byron\Desktop\BitTorrent.lnk
[2014/04/03 00:06:01 | 000,000,855 | ---- | C] () -- C:\Users\Byron\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/01 15:23:03 | 000,225,686 | ---- | C] () -- C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm
[2014/03/30 23:40:11 | 000,422,256 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/30 21:01:45 | 000,038,548 | ---- | C] () -- C:\Users\Byron\Desktop\Byron Plain.jpg
[2014/03/29 02:03:31 | 028,708,780 | ---- | C] () -- C:\Users\Byron\Desktop\Prosperity_II.mp3
[2014/03/29 02:00:25 | 028,680,359 | ---- | C] () -- C:\Users\Byron\Desktop\Prosperity_I.mp3
[2014/03/25 19:55:36 | 008,407,552 | ---- | C] () -- C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps
[2014/03/22 20:15:26 | 000,089,846 | ---- | C] () -- C:\Users\Byron\Desktop\rolex-rose-gold-president.jpg
[2014/03/20 08:06:17 | 000,129,829 | ---- | C] () -- C:\Users\Byron\Desktop\2015-bentley-continental-gt-speed-coupe-photo-578362-s-1280x782.jpg
[2014/03/19 20:37:09 | 001,784,242 | ---- | C] () -- C:\Users\Byron\Desktop\Customer Appreciation.pdf
[2014/03/19 08:18:25 | 005,827,896 | ---- | C] () -- C:\Users\Byron\Desktop\ChanLineup_Public Viewing.pdf
[2014/03/19 08:18:18 | 003,561,728 | ---- | C] () -- C:\Users\Byron\Desktop\Sales Guide Feb 6 - May 21 (3).pdf
[2014/03/18 13:15:09 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2014/03/18 13:15:09 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
[2014/03/18 13:15:09 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
[2014/03/17 15:11:53 | 000,175,358 | ---- | C] () -- C:\Users\Byron\Desktop\Customer Acquisition.pdf
[2014/03/17 15:04:12 | 002,318,360 | ---- | C] () -- C:\Users\Byron\Desktop\customer-acquisition.pdf
[2014/03/17 07:07:11 | 000,666,948 | ---- | C] () -- C:\Users\Byron\Desktop\ListeningInstructionandScripts.pdf
[2014/03/17 07:06:47 | 028,711,643 | ---- | C] () -- C:\Users\Byron\Desktop\Forgiveness_II.mp3
[2014/03/17 07:06:37 | 028,711,849 | ---- | C] () -- C:\Users\Byron\Desktop\Forgiveness_I.mp3
[2014/03/15 18:08:54 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/15 18:08:14 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/15 18:08:14 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/07 22:37:49 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Link.lnk
[2013/12/22 02:45:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/15 18:41:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\skyx24.sys
[2013/12/15 18:41:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\rotw.sys
[2013/09/30 23:43:34 | 000,000,256 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\default.rss
[2013/09/19 00:16:55 | 000,000,093 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\WB.CFG
[2013/09/19 00:16:55 | 000,000,006 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\WBPU-TTL.DAT
[2013/09/18 23:15:25 | 000,000,258 | RHS- | C] () -- C:\Users\Byron\ntuser.pol
[2013/02/12 00:46:09 | 000,000,005 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\mbam.context.scan
[2012/08/20 00:32:25 | 000,744,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/30 18:19:18 | 000,000,300 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\burnaware.ini
[2012/04/30 08:56:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2012/04/17 08:19:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/17 08:19:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/17 08:19:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/17 08:19:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/17 08:19:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/19 23:56:30 | 000,009,908 | -HS- | C] () -- C:\Users\Byron\AppData\Local\811410x6x458s346j352j8tkd0v6
[2011/12/15 01:22:10 | 000,010,348 | -HS- | C] () -- C:\Users\Byron\AppData\Local\k5ne3dx5w3g8lgoeol54uau4jn5g6uu0ml770
[2011/12/15 01:22:10 | 000,010,348 | -HS- | C] () -- C:\ProgramData\k5ne3dx5w3g8lgoeol54uau4jn5g6uu0ml770
[2011/12/11 02:34:58 | 000,012,408 | ---- | C] () -- C:\Users\Byron\AppData\Local\mqfhxd5j5dcs1adb7nby5l851v3b
[2011/12/11 02:34:58 | 000,012,408 | ---- | C] () -- C:\ProgramData\mqfhxd5j5dcs1adb7nby5l851v3b
[2011/06/03 10:48:13 | 000,007,597 | ---- | C] () -- C:\Users\Byron\AppData\Local\Resmon.ResmonCfg
[2011/04/30 01:57:31 | 000,087,040 | ---- | C] () -- C:\Users\Byron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 11:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2012/08/17 01:13:08 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\L
[2012/08/17 01:13:09 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\U
[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}\L
[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}\U
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/03/01 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\1H1Q
[2012/03/15 02:00:21 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Acoustica
[2012/08/13 19:33:54 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Ad-Aware Antivirus
[2013/12/15 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Anvisoft
[2011/09/02 00:59:44 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Auslogics
[2014/03/15 18:09:04 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\AVAST Software
[2013/12/15 16:39:21 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\AVG2014
[2014/04/06 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\BitTorrent
[2012/03/11 01:31:49 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\bppenu11
[2013/09/18 23:15:14 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\DigitalSite
[2011/12/06 11:41:41 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\dNNyyxAA0
[2014/03/02 23:45:30 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\DriverCure
[2014/03/31 12:00:47 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Dropbox
[2012/04/30 08:56:29 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\DVD-Cloner
[2011/11/26 01:26:53 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\EEF2E
[2011/11/26 01:16:32 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\EF33ppnG5aQHd
[2013/11/12 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\EVo4FjY740LHpTDw751wI5L4vV2gn5jV
[2013/08/16 20:30:57 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\FCCEE
[2013/04/21 01:55:53 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Firetrust
[2014/03/06 17:56:07 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Five9
[2012/04/30 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\ImgBurn
[2014/03/18 01:57:06 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\IObit
[2011/05/16 00:33:27 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\iolo
[2012/04/18 09:11:35 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\MechCAD
[2012/09/16 15:33:51 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Nico Mak Computing
[2011/05/18 22:10:44 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Nuance
[2014/03/18 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Optimizer Pro
[2011/11/26 00:56:08 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\QdddWK88fRL
[2012/03/19 07:33:24 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Registry Mechanic
[2013/07/14 00:05:51 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Research In Motion
[2014/03/02 23:45:29 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\SpeedyPC Software
[2011/11/26 00:56:09 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\SXqqjjYCekIVz
[2013/09/18 23:22:27 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Systweak
[2014/03/18 13:14:53 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\TuneUp Software
[2014/03/02 13:35:20 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\ValueApps
[2014/03/02 23:57:25 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\WebCam Recorder
[2014/03/02 23:57:28 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\WhiteSmoke
[2011/11/26 00:56:18 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\WPPPNyyxAuvSob3
[2013/07/13 23:57:42 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\XCPCSync.OEM
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\system64\en-US\winlogon.exe.mui
[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\system64\wbem\en-US\winlogon.mfl
[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\system64\wbem\winlogon.mof
[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2014/03/08 10:25:53 | 000,001,170 | ---- | M] () -- C:\0
[2010/11/20 05:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2014/04/04 10:53:24 | 4258,357,248 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2014/03/15 18:08:06 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is FCCE-EF2E
 Directory of C:\
07/13/2009  10:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  10:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Byron
04/29/2011  07:50 PM    <JUNCTION>     Application Data [C:\Users\Byron\AppData\Roaming]
04/29/2011  07:50 PM    <JUNCTION>     Cookies [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Cookies]
04/29/2011  07:50 PM    <JUNCTION>     Local Settings [C:\Users\Byron\AppData\Local]
04/29/2011  07:50 PM    <JUNCTION>     My Documents [C:\Users\Byron\Documents]
04/29/2011  07:50 PM    <JUNCTION>     NetHood [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/29/2011  07:50 PM    <JUNCTION>     PrintHood [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/29/2011  07:50 PM    <JUNCTION>     Recent [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Recent]
04/29/2011  07:50 PM    <JUNCTION>     SendTo [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\SendTo]
04/29/2011  07:50 PM    <JUNCTION>     Start Menu [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu]
04/29/2011  07:50 PM    <JUNCTION>     Templates [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Byron\AppData\Local
04/29/2011  07:50 PM    <JUNCTION>     Application Data [C:\Users\Byron\AppData\Local]
04/29/2011  07:50 PM    <JUNCTION>     History [C:\Users\Byron\AppData\Local\Microsoft\Windows\History]
04/29/2011  07:50 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Byron\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Byron\Documents
04/29/2011  07:50 PM    <JUNCTION>     My Music [C:\Users\Byron\Music]
04/29/2011  07:50 PM    <JUNCTION>     My Pictures [C:\Users\Byron\Pictures]
04/29/2011  07:50 PM    <JUNCTION>     My Videos [C:\Users\Byron\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  10:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  10:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  10:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  10:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  10:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  10:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  10:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  10:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Guest
11/16/2011  05:48 PM    <JUNCTION>     Application Data [C:\Users\Guest\AppData\Roaming]
11/16/2011  05:48 PM    <JUNCTION>     Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
11/16/2011  05:48 PM    <JUNCTION>     Local Settings [C:\Users\Guest\AppData\Local]
11/16/2011  05:48 PM    <JUNCTION>     My Documents [C:\Users\Guest\Documents]
11/16/2011  05:48 PM    <JUNCTION>     NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/16/2011  05:48 PM    <JUNCTION>     PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/16/2011  05:48 PM    <JUNCTION>     Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
11/16/2011  05:48 PM    <JUNCTION>     SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
11/16/2011  05:48 PM    <JUNCTION>     Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
11/16/2011  05:48 PM    <JUNCTION>     Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Guest\AppData\Local
11/16/2011  05:48 PM    <JUNCTION>     Application Data [C:\Users\Guest\AppData\Local]
11/16/2011  05:48 PM    <JUNCTION>     History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
11/16/2011  05:48 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Guest\Documents
11/16/2011  05:48 PM    <JUNCTION>     My Music [C:\Users\Guest\Music]
11/16/2011  05:48 PM    <JUNCTION>     My Pictures [C:\Users\Guest\Pictures]
11/16/2011  05:48 PM    <JUNCTION>     My Videos [C:\Users\Guest\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows
11/26/2011  12:54 AM    <JUNCTION>     system64 [c:\users]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              66 Dir(s)  52,578,844,672 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/12/22 11:32:35 | 000,000,221 | -HS- | M] () -- C:\Users\Byron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
[2008/05/22 09:35:54 | 000,051,962 | ---- | M] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2009/04/08 11:31:56 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/08/11 22:45:20 | 000,155,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2013/11/23 03:46:04 | 105,835,460 | ---- | M] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\붩㍵ὄ¡
[2013/11/23 03:46:04 | 105,835,460 | ---- | C] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\붩㍵ὄ¡
[2013/11/22 14:39:22 | 105,774,717 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\붭뗌ὄ
[2013/11/21 20:39:37 | 105,774,717 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\붭뗌ὄ
[2013/11/18 14:39:10 | 104,986,035 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\ᅓ⍁ὄ
[2013/11/18 02:39:22 | 104,986,035 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\ᅓ⍁ὄ
[2013/11/15 20:39:44 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\稱ⱍὄ
[2013/11/15 20:39:44 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\稱ⱍὄ
[2013/11/15 13:46:09 | 104,496,569 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\绠ꚁὄ
[2013/11/14 19:46:45 | 104,496,569 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\绠ꚁὄ
[2013/11/14 07:46:09 | 104,225,154 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\犊෌ὄ
[2013/11/14 07:46:09 | 104,225,154 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\犊෌ὄ
[2013/11/12 13:26:01 | 103,974,937 | ---- | M] ()(C:\Windows\SysWow64\???d) -- C:\Windows\SysWow64\됴렾ὄd
[2013/11/12 07:25:52 | 103,974,937 | ---- | C] ()(C:\Windows\SysWow64\???d) -- C:\Windows\SysWow64\됴렾ὄd
[2013/11/08 13:26:02 | 103,316,092 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\희ὄ
[2013/11/08 07:25:30 | 103,316,092 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\희ὄ
[2013/11/06 01:16:50 | 105,166,163 | ---- | M] ()(C:\Windows\SysWow64\???P) -- C:\Windows\SysWow64\ὄP
[2013/11/05 19:17:01 | 105,166,163 | ---- | C] ()(C:\Windows\SysWow64\???P) -- C:\Windows\SysWow64\ὄP
[2013/11/04 19:17:36 | 105,017,276 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꕘὄ
[2013/11/04 19:17:36 | 105,017,276 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꕘὄ
[2013/11/03 12:13:19 | 104,814,100 | ---- | M] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\퐽ꜟὄa
[2013/11/03 06:13:13 | 104,814,100 | ---- | C] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\퐽ꜟὄa
[2013/11/02 12:13:12 | 104,684,788 | ---- | M] ()(C:\Windows\SysWow64\???l) -- C:\Windows\SysWow64\쑲ࠁὄl
[2013/11/02 06:13:14 | 104,684,788 | ---- | C] ()(C:\Windows\SysWow64\???l) -- C:\Windows\SysWow64\쑲ࠁὄl
[2013/11/01 12:13:09 | 104,569,497 | ---- | M] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\䒟骮ὄ«
[2013/11/01 00:13:20 | 104,569,497 | ---- | C] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\䒟骮ὄ«
[2013/10/29 03:16:18 | 103,932,228 | ---- | M] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\燾쀧ὄ9
[2013/10/28 03:16:17 | 103,932,228 | ---- | C] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\燾쀧ὄ9
[2013/10/25 13:58:28 | 103,054,676 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\셅㬓ὄ
[2013/10/25 01:58:38 | 103,054,676 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\셅㬓ὄ
[2013/10/24 08:39:42 | 102,787,172 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\倭継ὄ
[2013/10/24 08:39:42 | 102,787,172 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\倭継ὄ
[2013/10/23 20:40:06 | 102,749,940 | ---- | M] ()(C:\Windows\SysWow64\???N) -- C:\Windows\SysWow64\石ὄN
[2013/10/23 20:40:06 | 102,749,940 | ---- | C] ()(C:\Windows\SysWow64\???N) -- C:\Windows\SysWow64\石ὄN
[2013/10/23 12:57:40 | 102,674,996 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\똓쒢ὄ
[2013/10/21 00:57:38 | 102,674,996 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\똓쒢ὄ
[2013/10/20 06:57:32 | 102,068,998 | ---- | M] ()(C:\Windows\SysWow64\???±) -- C:\Windows\SysWow64\ꍄ᪑ὄ±
[2013/10/16 18:56:55 | 102,068,998 | ---- | C] ()(C:\Windows\SysWow64\???±) -- C:\Windows\SysWow64\ꍄ᪑ὄ±
[2013/10/16 06:56:57 | 101,406,750 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뫑튑ὄ
[2013/10/15 18:57:07 | 101,406,750 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뫑튑ὄ
[2013/10/15 12:56:50 | 101,237,240 | ---- | M] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\ꌎ꺩ὄO
[2013/10/15 06:57:04 | 101,237,240 | ---- | C] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\ꌎ꺩ὄO
[2013/10/14 18:56:58 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\???m) -- C:\Windows\SysWow64\偨ὄm
[2013/10/14 18:56:58 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\???m) -- C:\Windows\SysWow64\偨ὄm
[2013/10/13 18:57:22 | 100,838,141 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㾄眹ὄ
[2013/10/12 06:56:29 | 100,838,141 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㾄眹ὄ
[2013/10/10 00:30:08 | 100,221,909 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\퀣ႇὄ
[2013/10/10 00:30:08 | 100,221,909 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\퀣ႇὄ
[2013/10/09 09:00:15 | 100,163,860 | ---- | M] ()(C:\Windows\SysWow64\???Y) -- C:\Windows\SysWow64\⾁츳ὄY
[2013/10/09 09:00:15 | 100,163,860 | ---- | C] ()(C:\Windows\SysWow64\???Y) -- C:\Windows\SysWow64\⾁츳ὄY
[2013/10/04 13:05:04 | 099,288,311 | ---- | M] ()(C:\Windows\SysWow64\???7) -- C:\Windows\SysWow64\᱂㡫ὄ7
[2013/10/02 19:04:55 | 099,288,311 | ---- | C] ()(C:\Windows\SysWow64\???7) -- C:\Windows\SysWow64\᱂㡫ὄ7
[2013/10/02 13:05:08 | 098,834,313 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\亩猐ὄ
[2013/09/30 19:05:09 | 098,834,313 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\亩猐ὄ
[2013/09/30 12:37:02 | 098,541,442 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\롏ὄ
[2013/09/30 00:37:06 | 098,541,442 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\롏ὄ
[2013/09/29 12:37:01 | 098,466,785 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\箰ѷὄ
[2013/09/29 06:37:02 | 098,466,785 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\箰ѷὄ
[2013/09/27 11:26:18 | 098,286,374 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\边冑ὄ
[2013/09/27 05:26:25 | 098,286,374 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\边冑ὄ
[2013/09/26 12:22:41 | 098,009,570 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鴵埨ὄ
[2013/09/25 18:22:37 | 098,009,570 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鴵埨ὄ
[2013/09/25 12:22:38 | 097,858,179 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꮧ꣇ὄ
[2013/09/24 18:23:25 | 097,858,179 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꮧ꣇ὄ
[2013/09/24 09:33:59 | 097,531,747 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\烱쿉ὄ
[2013/09/23 21:34:25 | 097,531,747 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\烱쿉ὄ
[2013/09/23 15:33:59 | 098,798,431 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᯌ钹ὄ
[2013/09/21 03:33:49 | 098,798,431 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᯌ钹ὄ
[2013/09/20 12:28:07 | 098,498,750 | ---- | M] ()(C:\Windows\SysWow64\???c) -- C:\Windows\SysWow64\׋䌋ὄc
[2013/09/19 18:27:59 | 098,498,750 | ---- | C] ()(C:\Windows\SysWow64\???c) -- C:\Windows\SysWow64\׋䌋ὄc
[2013/09/19 12:27:59 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\׆趿ὄC
[2013/09/19 00:28:19 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\׆趿ὄC
[2013/09/18 12:27:59 | 098,177,822 | ---- | M] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\틛梻ὄ¢
[2013/09/18 00:28:00 | 098,177,822 | ---- | C] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\틛梻ὄ¢
[2013/09/17 12:23:55 | 098,062,984 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\揚ὄ
[2013/09/15 12:23:53 | 098,062,984 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\揚ὄ
[2013/09/14 12:23:47 | 097,600,188 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\癛圪ὄ
[2013/09/13 18:23:45 | 097,600,188 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\癛圪ὄ
[2013/09/13 12:23:45 | 097,503,480 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\怸‣ὄ
[2013/09/12 18:23:42 | 097,503,480 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\怸‣ὄ
[2013/09/12 12:23:42 | 097,373,152 | ---- | M] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\োⅾὄG
[2013/09/12 12:23:42 | 097,373,152 | ---- | C] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\োⅾὄG
[2013/09/12 00:23:45 | 097,238,077 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\␦蝇ὄ
[2013/09/11 18:23:42 | 097,238,077 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\␦蝇ὄ
[2013/09/11 12:23:40 | 097,171,315 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鈵䯺ὄ
[2013/09/11 00:23:46 | 097,171,315 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鈵䯺ὄ
[2013/09/10 09:49:35 | 096,985,259 | ---- | M] ()(C:\Windows\SysWow64\???¨) -- C:\Windows\SysWow64\環ὄ¨
[2013/09/09 21:48:57 | 096,985,259 | ---- | C] ()(C:\Windows\SysWow64\???¨) -- C:\Windows\SysWow64\環ὄ¨
[2013/09/06 21:07:02 | 096,496,803 | ---- | M] ()(C:\Windows\SysWow64\???H) -- C:\Windows\SysWow64\ꨅフḼH
[2013/09/06 21:07:02 | 096,496,803 | ---- | C] ()(C:\Windows\SysWow64\???H) -- C:\Windows\SysWow64\ꨅフḼH
[2013/09/06 07:05:58 | 096,334,488 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\݌䡿Ḽ
[2013/09/05 18:43:30 | 096,334,488 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\݌䡿Ḽ
[2013/09/04 07:53:42 | 095,863,165 | ---- | M] ()(C:\Windows\SysWow64\???F) -- C:\Windows\SysWow64\믾❫ḼF
[2013/09/04 07:53:42 | 095,863,165 | ---- | C] ()(C:\Windows\SysWow64\???F) -- C:\Windows\SysWow64\믾❫ḼF
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
 
< End of report >
 


#3 jeffce


Posted 11 April 2014 - 05:35 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   Let's get going!!
----------
 
It seems that you have run ComboFix already as well?  Could you go to C:\ComboFix.txt and post that text file please?
-------------
 

FRST
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
----------


 
 

#4 Bperkins7468


Posted 11 April 2014 - 02:58 PM

ComboFix 14-04-09.02 - Byron 04/11/2014  13:36:12.11.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1930 [GMT -7:00]
Running from: c:\users\Byron\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-11 to 2014-04-11  )))))))))))))))))))))))))))))))
.
.
2014-04-11 20:46 . 2014-04-11 20:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-11 20:46 . 2014-04-11 20:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-04-11 20:46 . 2014-04-11 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-10 04:11 . 2014-04-10 04:12 -------- d-----w- c:\users\Byron\AppData\Local\Amazon Cloud Player
2014-04-09 04:20 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-09 04:20 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-09 04:20 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-07 18:04 . 2014-04-07 18:04 43152 ----a-w- c:\windows\avastSS.scr
2014-03-22 01:11 . 2012-05-05 02:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2014-03-22 01:11 . 2012-05-05 02:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-03-21 21:17 . 2014-03-21 21:17 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-03-21 21:16 . 2014-03-21 21:16 -------- d-----w- c:\users\Byron\AppData\Local\SearchProtect
2014-03-19 06:21 . 2014-03-19 06:21 -------- d-----w- c:\users\Byron\AppData\Roaming\Optimizer Pro
2014-03-19 06:21 . 2014-04-01 22:13 -------- d-----w- c:\program files (x86)\Optimizer Pro
2014-03-18 20:14 . 2014-03-18 20:15 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-03-18 20:11 . 2014-03-18 20:42 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-03-18 19:53 . 2014-03-18 19:53 -------- d-----w- c:\programdata\Logs
2014-03-18 19:13 . 2014-03-18 19:29 -------- d-----w- c:\users\Byron\AppData\Roaming\Nero
2014-03-18 19:03 . 2014-03-18 19:11 -------- d-----w- c:\program files (x86)\Nero
2014-03-18 08:57 . 2014-03-18 08:57 -------- d-----w- c:\users\Byron\AppData\Roaming\IObit
2014-03-18 08:57 . 2014-03-18 08:57 -------- d-----w- c:\program files (x86)\Evonsoft Computer Repair
2014-03-18 03:34 . 2014-03-18 03:34 -------- d-----w- c:\users\Byron\AppData\Roaming\Ahead
2014-03-17 05:13 . 2002-01-05 14:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2014-03-17 05:13 . 1998-06-18 08:00 89360 ----a-w- c:\windows\SysWow64\VB5DB.DLL
2014-03-16 01:09 . 2014-03-16 01:09 -------- d-----w- c:\users\Byron\AppData\Roaming\AVAST Software
2014-03-16 01:08 . 2014-04-07 18:04 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-16 01:08 . 2014-04-07 18:04 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-16 01:08 . 2014-04-07 18:04 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-16 01:08 . 2014-04-07 18:04 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-16 01:08 . 2014-04-07 18:04 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-16 01:08 . 2014-04-07 18:04 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-16 01:08 . 2014-04-07 18:04 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-16 01:08 . 2014-04-07 18:04 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-16 01:07 . 2014-03-16 01:07 -------- d-----w- c:\program files\AVAST Software
2014-03-16 01:06 . 2014-03-16 01:06 -------- d-----w- c:\programdata\AVAST Software
2014-03-13 07:51 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 07:51 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-13 07:51 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-13 07:50 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-13 07:45 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 07:45 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 07:45 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-13 07:45 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 10:02 . 2011-05-01 03:52 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-16 23:35 . 2011-07-22 03:36 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-03-16 23:35 . 2011-07-22 03:35 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-03-16 23:34 . 2011-07-22 03:35 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-03-16 23:34 . 2011-08-15 17:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-03-12 15:17 . 2012-04-04 07:39 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 15:17 . 2011-09-16 01:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 15:17 . 2014-03-12 15:17 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-04 09:17 . 2014-04-09 04:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-03 21:13 . 2014-02-13 22:19 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-02-20 00:24 . 2014-02-20 00:24 119808 ----a-r- c:\users\Byron\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-01-30 00:42 . 2014-01-30 00:42 507904 ----a-r- c:\windows\SysWow64\btwapi.dll
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-03-03 21:13 3461144 ----a-w- c:\program files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll" [2014-03-03 3461144]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackgroundContainer"="c:\users\Byron\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
"Amazon Cloud Player"="c:\users\Byron\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-03-07 3168576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-07 3854640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2000-03-22 10:45 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 ehdrv;ehdrv; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 eamonm;eamonm; [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 DIRECTIO;DIRECTIO; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver; [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver; [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbgps.sys [x]
R3 ZTEusbMB;ZTE NMEAExt2 Port; [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbwwan.sys [x]
R4 avgfws;AVG Firewall; [x]
R4 AVGIDSAgent;AVGIDSAgent; [x]
R4 AVGIDSDriver;AVGIDSDriver; [x]
R4 AVGIDSHA;AVGIDSHA; [x]
R4 Avgrkx64;AVG Anti-Rootkit Driver; [x]
R4 Avgtdia;AVG TDI Driver; [x]
R4 avgwd;AVG WatchDog; [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;c:\windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\tmobile_mf691_dc_enum.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:17]
.
2014-03-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
- c:\users\Byron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-27 18:39]
.
2014-03-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
- c:\users\Byron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-27 18:39]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 05:29]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 05:29]
.
2014-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 19:44]
.
2014-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 19:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-07 18:04 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
FF - ProfilePath - c:\users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED&SSPV=
FF - ExtSQL: 2014-03-01 10:26; {2ff5898b-2f88-497e-9b32-fa8cf959fbf9}; c:\program files (x86)\Re-markit-soft\155.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{93DBF2BB-A2B3-4683-A92E-57E60751F346} - (no file)
ShellIconOverlayIdentifiers-{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} - (no file)
ShellIconOverlayIdentifiers-{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
c:\windows\SysWOW64\Rundll32.exe
.
**************************************************************************
.
Completion time: 2014-04-11  13:57:15 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-11 20:57
ComboFix2.txt  2013-12-16 01:49
ComboFix3.txt  2013-12-16 01:05
ComboFix4.txt  2012-08-17 19:25
ComboFix5.txt  2014-01-01 06:45
.
Pre-Run: 53,168,803,840 bytes free
Post-Run: 53,101,735,936 bytes free
.
- - End Of File - - C81193F7EDDB87E1627F2BFD5A19E086
A36C5E4F47E84449FF07ED3517B43A31


#5 Bperkins7468

Posted 11 April 2014 - 03:06 PM

Attached File: Addition.txt (47.57KB, 105 downloads)

Hi Jeff!
 
Thanks for replying to my post! I appreciate your help! Here's my FRST txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2014
Ran by Byron (administrator) on BYRON-PC on 11-04-2014 14:02:06
Running from C:\Users\Byron\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-07] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Byron\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Run: [Amazon Cloud Player] - C:\Users\Byron\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Policies\Explorer: [NoInstrumentation] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3B23407861ECC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1024417699&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM-x32 - DefaultScope {D3245D6C-6383-4823-9EF2-FA463514A51C} URL = 
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...7-025031DC0501}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {9E94E40B-C742-41CB-BAC0-BD5D590DCCA5} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {B4D84896-6918-41DD-B848-1268BE62AF29} URL = https://www.google.c...q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} -  No File
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default
FF user.js: detected! => C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\user.js
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED&SSPV=
FF NewTab: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Byron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @starfield.com/off - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Byron\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\searchplugins\conduit-search.xml
FF Extension: WBE Paste - C:\Users\Byron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2011-06-14]
FF Extension: Workspace Email Zoom - C:\Users\Byron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2011-06-14]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-15]
 
Chrome: 
=======
CHR Extension: (avast! Online Security) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Byron\AppData\Local\funmoods.crx [2013-08-30]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Byron\AppData\Local\funmoods-speeddial_sf.crx [2013-08-30]
CHR HKCU\...\Chrome\Extension: [medkndcadfefmiifpnlapbeoajnjiahj] - C:\Users\Byron\AppData\Local\CRE\medkndcadfefmiifpnlapbeoajnjiahj.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [medkndcadfefmiifpnlapbeoajnjiahj] - C:\Users\Byron\AppData\Local\CRE\medkndcadfefmiifpnlapbeoajnjiahj.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Byron\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2013-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S4 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-07] (AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-10-25] (PC Tools)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-01-22] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1309696 2014-01-22] (Research In Motion Limited)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-13] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-03] (AVG Secure Search)
S4 avgfws; No ImagePath
S4 AVGIDSAgent; No ImagePath
S4 avgwd; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-07] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-07] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSDriver; No ImagePath
S4 AVGIDSHA; No ImagePath
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
S4 Avgrkx64; No ImagePath
S4 Avgtdia; No ImagePath
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
S3 catchme; No ImagePath
S3 DIRECTIO; No ImagePath
S2 eamonm; No ImagePath
S1 ehdrv; No ImagePath
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 massfilter; No ImagePath
S3 PCTINDIS5X64; No ImagePath
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R3 tmobile_mf691_dc_enum; C:\Windows\System32\DRIVERS\tmobile_mf691_dc_enum.sys [75776 2010-04-09] (T-Mobile)
S3 TuneUpUtilitiesDrv; No ImagePath
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated)
S3 ZTEusbMB; No ImagePath
S3 ZTEusbmdm6k; No ImagePath
S3 ZTEusbnmea; No ImagePath
S3 ZTEusbser6k; No ImagePath
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-11 14:02 - 2014-04-11 14:02 - 00019365 _____ () C:\Users\Byron\Downloads\FRST.txt
2014-04-11 14:01 - 2014-04-11 14:02 - 00000000 ____D () C:\FRST
2014-04-11 14:00 - 2014-04-11 14:00 - 02157056 _____ (Farbar) C:\Users\Byron\Downloads\FRST64.exe
2014-04-11 13:57 - 2014-04-11 13:57 - 00027825 _____ () C:\ComboFix.txt
2014-04-11 13:57 - 2014-04-11 13:57 - 00001404 _____ () C:\Users\Byron\Downloads\agent (3).jnlp
2014-04-11 13:32 - 2014-04-11 13:32 - 05196025 ____R (Swearware) C:\Users\Byron\Downloads\ComboFix.exe
2014-04-11 12:11 - 2014-04-11 12:11 - 01056256 _____ () C:\Users\Byron\Desktop\NFL_ST_PROFIT_CALCULATOR.xls
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (2).jnlp
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (1).jnlp
2014-04-11 01:19 - 2014-04-11 01:27 - 525038428 ____R () C:\Users\Byron\Downloads\The.Amazing.Race.S24E06.HDTV.x264-LOL.mp4
2014-04-11 01:19 - 2014-04-11 01:19 - 00020502 _____ () C:\Users\Byron\Downloads\[kickass.to]the.amazing.race.s24e06.hdtv.x264.lol.eztv.torrent
2014-04-10 23:14 - 2014-04-10 23:14 - 00009606 _____ () C:\Users\Byron\Downloads\[kickass.to]the.blacklist.s01e18.hdtv.x264.lol.eztv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00045113 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e13.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00027753 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e14.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00000000 ____D () C:\Users\Byron\Downloads\The Voice S06E14 HDTV x264-2HD[ettv]
2014-04-10 23:12 - 2014-04-10 23:12 - 00000000 ____D () C:\Users\Byron\Downloads\The Voice S06E13 HDTV x264-2HD[ettv]
2014-04-10 23:11 - 2014-04-10 23:11 - 00025443 _____ () C:\Users\Byron\Downloads\[kickass.to]vikings.s02e07.hdtv.x264.excellence.ettv.torrent
2014-04-10 08:16 - 2014-04-10 08:16 - 00001404 _____ () C:\Users\Byron\Downloads\agent.jnlp
2014-04-09 22:10 - 2014-04-09 22:10 - 00000000 ____D () C:\Users\Byron\Documents\BLACKBERRY-C16E
2014-04-09 21:11 - 2014-04-09 21:12 - 00000000 ____D () C:\Users\Byron\AppData\Local\Amazon Cloud Player
2014-04-09 21:11 - 2014-04-09 21:11 - 00001212 _____ () C:\Users\Byron\Desktop\Amazon Cloud Player.lnk
2014-04-09 21:11 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-09 21:10 - 2014-04-09 21:11 - 36335656 _____ (Amazon) C:\Users\Byron\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-08 21:20 - 2014-03-30 18:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 21:20 - 2014-03-30 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 21:20 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 21:20 - 2014-03-30 16:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 21:19 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 21:19 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 21:19 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 21:19 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 21:19 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 21:19 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 21:19 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 21:19 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 21:19 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 21:19 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 21:19 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 21:19 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 11:04 - 2014-04-07 11:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 23:50 - 2014-04-06 23:50 - 03930783 _____ () C:\Users\Byron\Downloads\OnlineScanner.cab
2014-04-06 21:56 - 2014-04-06 21:56 - 00184282 _____ () C:\Users\Byron\Downloads\OTL.Txt
2014-04-06 21:41 - 2014-04-06 21:41 - 00602112 _____ (OldTimer Tools) C:\Users\Byron\Downloads\OTL.exe
2014-04-04 04:29 - 2014-04-11 13:47 - 00001700 _____ () C:\Windows\PFRO.log
2014-04-03 00:06 - 2014-04-03 00:06 - 00000875 _____ () C:\Users\Byron\Desktop\BitTorrent.lnk
2014-04-03 00:06 - 2014-04-03 00:06 - 00000855 _____ () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-04-03 00:04 - 2014-04-03 00:04 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent (1).exe
2014-04-02 02:22 - 2014-04-11 13:48 - 00003198 _____ () C:\Windows\setupact.log
2014-04-02 02:22 - 2014-04-02 02:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 15:23 - 2014-04-01 15:23 - 00225686 _____ () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm
2014-04-01 15:23 - 2014-04-01 15:23 - 00000000 ____D () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email_files
2014-04-01 10:22 - 2014-04-09 16:27 - 00112084 _____ () C:\Users\Byron\Desktop\Food 3 27 14.xlsx
2014-03-31 22:43 - 2014-03-31 22:43 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent.exe
2014-03-30 23:40 - 2014-03-30 23:40 - 00422256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 17:26 - 2014-03-30 17:27 - 06228992 _____ () C:\Users\Byron\Desktop\ACN_Comp.ppt
2014-03-30 17:12 - 2014-03-30 17:21 - 00000000 ____D () C:\Users\Byron\Desktop\Tools in Spanish
2014-03-29 02:00 - 2014-03-29 02:00 - 00110088 _____ () C:\Users\Byron\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-27 16:50 - 2014-04-10 17:08 - 00013023 _____ () C:\Users\Byron\Desktop\Pipeline Report (2).xlsx
2014-03-26 17:01 - 2014-04-10 17:03 - 00010155 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart (2).xlsx
2014-03-25 19:55 - 2014-03-25 19:55 - 08407552 _____ () C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps
2014-03-21 18:11 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-03-21 18:11 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-03-21 14:17 - 2014-03-21 14:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 14:16 - 2014-03-21 14:16 - 00000000 ____D () C:\Users\Byron\AppData\Local\SearchProtect
2014-03-19 08:18 - 2014-03-25 17:04 - 00117630 _____ () C:\Users\Byron\Desktop\Mar14 Leads..xlsx
2014-03-19 08:17 - 2014-03-25 17:03 - 00010136 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart.xlsx
2014-03-18 23:21 - 2014-04-01 15:13 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-03-18 23:21 - 2014-03-18 23:21 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Optimizer Pro
2014-03-18 13:15 - 2014-03-18 13:15 - 00002211 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-03-18 13:15 - 2014-03-18 13:15 - 00002185 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-03-18 13:14 - 2014-03-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-18 13:11 - 2014-03-18 13:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-03-18 12:13 - 2014-03-18 12:29 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Nero
2014-03-18 12:12 - 2014-03-18 12:12 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-03-18 12:03 - 2014-03-18 12:11 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-03-18 02:02 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\Byron\Documents\Optimizer Pro
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\IObit
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Program Files (x86)\Evonsoft Computer Repair
2014-03-17 20:34 - 2014-03-17 20:34 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Ahead
2014-03-17 13:43 - 2014-03-18 01:50 - 00000000 ____D () C:\Users\Byron\Downloads\Brain Sync - Attract Wealth
2014-03-16 22:13 - 2002-01-05 07:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-03-16 22:13 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-03-16 16:55 - 2014-03-16 16:56 - 00000000 ____D () C:\Users\Byron\Downloads\Cheetah DVD Burner 2.51 + Serial-[HB]
2014-03-15 18:09 - 2014-03-15 18:09 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\AVAST Software
2014-03-15 18:08 - 2014-04-07 11:04 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-15 18:08 - 2014-04-07 11:04 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-15 18:08 - 2014-04-07 11:04 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-15 18:07 - 2014-03-15 18:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-15 18:06 - 2014-03-15 18:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-13 00:54 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 00:54 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 00:54 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 00:54 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 00:54 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 00:54 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 00:54 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 00:54 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 00:54 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 00:54 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 00:54 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 00:54 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 00:54 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 00:54 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 00:54 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 00:54 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 00:54 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 00:54 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 00:54 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 00:54 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 00:54 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 00:54 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 00:54 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 00:54 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 00:54 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 00:54 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 00:54 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 00:54 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 00:54 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 00:54 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 00:54 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 00:54 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 00:54 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 00:54 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 00:54 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 00:54 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 00:51 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 00:51 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 00:51 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 00:50 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 00:45 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 00:45 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 00:45 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 00:45 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 08:45 - 2014-03-12 08:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 08:45 - 2014-03-12 08:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 08:17 - 2014-03-12 08:17 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
2014-04-11 14:02 - 2014-04-11 14:02 - 00019365 _____ () C:\Users\Byron\Downloads\FRST.txt
2014-04-11 14:02 - 2014-04-11 14:01 - 00000000 ____D () C:\FRST
2014-04-11 14:00 - 2014-04-11 14:00 - 02157056 _____ (Farbar) C:\Users\Byron\Downloads\FRST64.exe
2014-04-11 13:57 - 2014-04-11 13:57 - 00027825 _____ () C:\ComboFix.txt
2014-04-11 13:57 - 2014-04-11 13:57 - 00001404 _____ () C:\Users\Byron\Downloads\agent (3).jnlp
2014-04-11 13:57 - 2012-04-17 08:17 - 00000000 ____D () C:\Qoobox
2014-04-11 13:55 - 2009-07-13 21:45 - 00010240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 13:55 - 2009-07-13 21:45 - 00010240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 13:54 - 2000-03-22 03:27 - 01612114 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 13:49 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-11 13:48 - 2014-04-02 02:22 - 00003198 _____ () C:\Windows\setupact.log
2014-04-11 13:48 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 13:47 - 2014-04-04 04:29 - 00001700 _____ () C:\Windows\PFRO.log
2014-04-11 13:32 - 2014-04-11 13:32 - 05196025 ____R (Swearware) C:\Users\Byron\Downloads\ComboFix.exe
2014-04-11 13:30 - 2012-09-16 15:32 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\BitTorrent
2014-04-11 13:17 - 2012-04-04 00:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-11 12:11 - 2014-04-11 12:11 - 01056256 _____ () C:\Users\Byron\Desktop\NFL_ST_PROFIT_CALCULATOR.xls
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (2).jnlp
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (1).jnlp
2014-04-11 01:27 - 2014-04-11 01:19 - 525038428 ____R () C:\Users\Byron\Downloads\The.Amazing.Race.S24E06.HDTV.x264-LOL.mp4
2014-04-11 01:19 - 2014-04-11 01:19 - 00020502 _____ () C:\Users\Byron\Downloads\[kickass.to]the.amazing.race.s24e06.hdtv.x264.lol.eztv.torrent
2014-04-10 23:14 - 2014-04-10 23:14 - 00009606 _____ () C:\Users\Byron\Downloads\[kickass.to]the.blacklist.s01e18.hdtv.x264.lol.eztv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00045113 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e13.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00027753 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e14.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00000000 ____D () C:\Users\Byron\Downloads\The Voice S06E14 HDTV x264-2HD[ettv]
2014-04-10 23:12 - 2014-04-10 23:12 - 00000000 ____D () C:\Users\Byron\Downloads\The Voice S06E13 HDTV x264-2HD[ettv]
2014-04-10 23:11 - 2014-04-10 23:11 - 00025443 _____ () C:\Users\Byron\Downloads\[kickass.to]vikings.s02e07.hdtv.x264.excellence.ettv.torrent
2014-04-10 17:10 - 2011-06-24 23:24 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\vlc
2014-04-10 17:08 - 2014-03-27 16:50 - 00013023 _____ () C:\Users\Byron\Desktop\Pipeline Report (2).xlsx
2014-04-10 17:03 - 2014-03-26 17:01 - 00010155 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart (2).xlsx
2014-04-10 08:16 - 2014-04-10 08:16 - 00001404 _____ () C:\Users\Byron\Downloads\agent.jnlp
2014-04-09 22:40 - 2009-07-13 22:13 - 00006522 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 22:10 - 2014-04-09 22:10 - 00000000 ____D () C:\Users\Byron\Documents\BLACKBERRY-C16E
2014-04-09 21:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 21:12 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Local\Amazon Cloud Player
2014-04-09 21:11 - 2014-04-09 21:11 - 00001212 _____ () C:\Users\Byron\Desktop\Amazon Cloud Player.lnk
2014-04-09 21:11 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-09 21:11 - 2014-04-09 21:10 - 36335656 _____ (Amazon) C:\Users\Byron\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-09 16:27 - 2014-04-01 10:22 - 00112084 _____ () C:\Users\Byron\Desktop\Food 3 27 14.xlsx
2014-04-09 03:07 - 2011-04-30 00:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 03:05 - 2013-07-28 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 03:02 - 2011-04-30 20:52 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 18:54 - 2012-08-26 23:40 - 03742208 ___SH () C:\Users\Byron\Desktop\Thumbs.db
2014-04-07 11:04 - 2014-04-07 11:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-07 11:04 - 2014-03-15 18:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-07 11:04 - 2014-03-15 18:08 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-07 11:04 - 2014-03-15 18:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-06 23:50 - 2014-04-06 23:50 - 03930783 _____ () C:\Users\Byron\Downloads\OnlineScanner.cab
2014-04-06 21:56 - 2014-04-06 21:56 - 00184282 _____ () C:\Users\Byron\Downloads\OTL.Txt
2014-04-06 21:41 - 2014-04-06 21:41 - 00602112 _____ (OldTimer Tools) C:\Users\Byron\Downloads\OTL.exe
2014-04-06 21:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-03 00:06 - 2014-04-03 00:06 - 00000875 _____ () C:\Users\Byron\Desktop\BitTorrent.lnk
2014-04-03 00:06 - 2014-04-03 00:06 - 00000855 _____ () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-04-03 00:04 - 2014-04-03 00:04 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent (1).exe
2014-04-02 02:22 - 2014-04-02 02:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 15:23 - 2014-04-01 15:23 - 00225686 _____ () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm
2014-04-01 15:23 - 2014-04-01 15:23 - 00000000 ____D () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email_files
2014-04-01 15:13 - 2014-03-18 23:21 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-04-01 15:13 - 2013-11-11 19:33 - 00000000 ____D () C:\Users\Byron\AppData\Local\NativeMessaging
2014-04-01 15:13 - 2012-07-01 17:58 - 00000000 ____D () C:\Users\Byron\AppData\Local\Conduit
2014-03-31 22:43 - 2014-03-31 22:43 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent.exe
2014-03-31 17:47 - 2013-02-12 00:43 - 00000000 ___RD () C:\Users\Byron\Desktop\Jim Rohn
2014-03-31 12:00 - 2011-06-21 12:40 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Dropbox
2014-03-30 23:42 - 2011-06-21 12:44 - 00000000 ___RD () C:\Users\Byron\Dropbox
2014-03-30 23:42 - 2011-04-29 19:50 - 00000000 ___RD () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 23:40 - 2014-03-30 23:40 - 00422256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 18:16 - 2014-04-08 21:20 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 18:13 - 2014-04-08 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 17:27 - 2014-03-30 17:26 - 06228992 _____ () C:\Users\Byron\Desktop\ACN_Comp.ppt
2014-03-30 17:21 - 2014-03-30 17:12 - 00000000 ____D () C:\Users\Byron\Desktop\Tools in Spanish
2014-03-30 17:13 - 2014-04-08 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 16:57 - 2014-04-08 21:20 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 02:00 - 2014-03-29 02:00 - 00110088 _____ () C:\Users\Byron\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-25 19:55 - 2014-03-25 19:55 - 08407552 _____ () C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps
2014-03-25 17:04 - 2014-03-19 08:18 - 00117630 _____ () C:\Users\Byron\Desktop\Mar14 Leads..xlsx
2014-03-25 17:03 - 2014-03-19 08:17 - 00010136 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart.xlsx
2014-03-21 16:06 - 2011-04-29 19:50 - 00000000 ____D () C:\Users\Byron
2014-03-21 15:19 - 2012-03-17 16:46 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-21 15:12 - 2011-12-31 07:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-21 14:17 - 2014-03-21 14:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 14:16 - 2014-03-21 14:16 - 00000000 ____D () C:\Users\Byron\AppData\Local\SearchProtect
2014-03-20 22:49 - 2012-09-03 10:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
2014-03-20 22:49 - 2012-09-03 10:07 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
2014-03-20 22:47 - 2012-09-03 10:08 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA
2014-03-20 22:47 - 2012-09-03 10:08 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core
2014-03-20 22:28 - 2012-11-26 23:19 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
2014-03-20 22:28 - 2012-11-26 23:19 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
2014-03-19 20:24 - 2000-03-22 03:45 - 00003070 _____ () C:\Windows\System32\Tasks\ACMON
2014-03-19 20:19 - 2011-04-29 22:19 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-19 20:19 - 2011-04-29 22:19 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-19 20:13 - 2011-04-29 20:26 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Adobe
2014-03-19 20:13 - 2011-04-29 20:26 - 00000000 ____D () C:\Users\Byron\AppData\Local\Adobe
2014-03-18 23:21 - 2014-03-18 23:21 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Optimizer Pro
2014-03-18 23:15 - 2000-03-22 03:46 - 00003092 _____ () C:\Windows\System32\Tasks\WC3
2014-03-18 23:15 - 2000-03-22 03:45 - 00003112 _____ () C:\Windows\System32\Tasks\ASUSControlDeck
2014-03-18 23:15 - 2000-03-22 03:45 - 00003042 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-03-18 23:15 - 2000-03-22 03:45 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-03-18 23:15 - 2000-03-22 03:45 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS SmartLogon Console Sensor
2014-03-18 23:11 - 2012-11-26 23:19 - 00003916 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA
2014-03-18 23:11 - 2012-11-26 23:19 - 00003548 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core
2014-03-18 21:44 - 2012-01-08 22:30 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 21:44 - 2012-01-08 22:30 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 13:42 - 2014-03-18 13:11 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-03-18 13:42 - 2012-04-15 10:50 - 00000000 ____D () C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2014-03-18 13:42 - 2012-04-08 09:58 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\HpUpdate
2014-03-18 13:42 - 2012-03-11 01:29 - 00000000 ____D () C:\Users\Byron\AppData\Local\Downloaded Installations
2014-03-18 13:42 - 2012-02-14 18:58 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2014-03-18 13:42 - 2011-04-30 01:39 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-03-18 13:42 - 2011-04-30 00:39 - 00000000 ____D () C:\Users\Byron\AppData\Local\Microsoft Help
2014-03-18 13:34 - 2012-01-08 22:30 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-18 13:34 - 2012-01-08 22:30 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-18 13:17 - 2011-12-13 20:55 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-18 13:15 - 2014-03-18 13:15 - 00002211 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-03-18 13:15 - 2014-03-18 13:15 - 00002185 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-03-18 13:15 - 2014-03-18 13:14 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-18 13:14 - 2011-12-13 20:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\TuneUp Software
2014-03-18 12:29 - 2014-03-18 12:13 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Nero
2014-03-18 12:25 - 2000-03-22 03:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-18 12:12 - 2014-03-18 12:12 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-03-18 12:11 - 2014-03-18 12:03 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-03-18 12:06 - 2011-04-29 22:29 - 00000000 ____D () C:\ProgramData\Nero
2014-03-18 11:39 - 2014-03-02 23:42 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-03-18 02:02 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\Byron\Documents\Optimizer Pro
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\IObit
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Program Files (x86)\Evonsoft Computer Repair
2014-03-18 01:50 - 2014-03-17 13:43 - 00000000 ____D () C:\Users\Byron\Downloads\Brain Sync - Attract Wealth
2014-03-17 20:34 - 2014-03-17 20:34 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Ahead
2014-03-16 23:21 - 2011-05-01 01:33 - 00000000 ____D () C:\Windows\pss
2014-03-16 16:56 - 2014-03-16 16:55 - 00000000 ____D () C:\Users\Byron\Downloads\Cheetah DVD Burner 2.51 + Serial-[HB]
2014-03-16 16:36 - 2014-03-07 23:23 - 00000000 ____D () C:\Users\Byron\AppData\Local\Ahead
2014-03-15 21:13 - 2011-04-30 01:57 - 00000000 ____D () C:\Users\Byron\Documents\BlackBerry
2014-03-15 18:09 - 2014-03-15 18:09 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\AVAST Software
2014-03-15 18:07 - 2014-03-15 18:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-15 18:06 - 2014-03-15 18:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-15 17:17 - 2011-06-03 10:48 - 00007597 _____ () C:\Users\Byron\AppData\Local\Resmon.ResmonCfg
2014-03-13 18:10 - 2011-09-02 08:57 - 00000000 ____D () C:\Users\Byron\AppData\Local\Workspace
2014-03-13 03:21 - 2013-09-08 16:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:21 - 2013-09-08 16:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 08:45 - 2014-03-12 08:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 08:45 - 2014-03-12 08:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 08:18 - 2012-04-04 00:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 08:17 - 2014-03-12 08:17 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 08:17 - 2012-04-04 00:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:17 - 2011-09-15 18:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
ZeroAccess:
C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}
 
ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 
 
LastRegBack: 2014-04-09 21:42
 
==================== End Of Log ============================



#6 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 11 April 2014 - 03:28 PM

Before we continue... would it be accurate to say that you have probably run ComboFix on your system about 10 times already???
 
Please go to C:\ComboFix5.txt and attach that text file.   :)


 
 

#7 Bperkins7468

Bperkins7468

    Authentic Member

  • Authentic Member
  • 92 posts

Posted 11 April 2014 - 05:03 PM

I ran ComboFix last year in the summer when I fixed my computer. But I haven't run it since then, until you mentioned it today. So I downloaded it, ran it, and posted the txt.



#8 Bperkins7468

Bperkins7468

    Authentic Member

  • Authentic Member
  • 92 posts

Posted 11 April 2014 - 05:08 PM

ComboFix 12-04-15.02 - Byron 04/15/2012  10:15:50.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2051 [GMT -7:00]
Running from: c:\users\Byron\Downloads\ComboFix.exe
AV: CA Anti-Virus Plus *Enabled/Updated* {3EED0195-0A4B-4EF3-CC4F-4F401BDC245F}
SP: CA Anti-Virus Plus *Enabled/Updated* {858CE071-2C71-417D-F6FF-7432605B6EE2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\~TtFsssGC9NcELH
c:\programdata\~TtFsssGC9NcELHr
c:\programdata\TtFsssGC9NcELH
c:\users\Byron\AppData\Local\uninstall.tmp
c:\users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Byron\Documents\~WRL0002.tmp
c:\users\Byron\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-15 to 2012-04-15  )))))))))))))))))))))))))))))))
.
.
2012-04-15 17:29 . 2012-04-15 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 17:29 . 2012-04-15 17:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-12 15:11 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 15:11 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 15:11 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 15:08 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 15:08 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 15:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 15:07 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 15:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 15:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 15:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-08 17:03 . 2012-04-08 17:03 -------- d-----w- c:\programdata\WEBREG
2012-04-08 17:01 . 2012-04-08 17:04 -------- d-----w- c:\users\Byron\AppData\Roaming\HP
2012-04-08 16:51 . 2010-05-31 04:36 358744 ----a-w- c:\windows\system32\hpzids40.dll
2012-04-08 16:51 . 2010-02-01 06:54 944128 ----a-w- c:\windows\system32\hpwwiax4.dll
2012-04-08 16:51 . 2010-02-01 06:54 740864 ----a-w- c:\windows\system32\hpwtscl3.dll
2012-04-08 16:51 . 2010-02-01 06:54 540672 ----a-w- c:\windows\system32\hppldcoi.dll
2012-04-08 16:51 . 2010-02-01 06:54 488960 ----a-w- c:\windows\system32\hpovst11.dll
2012-04-04 08:17 . 2012-04-14 07:17 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 07:39 . 2012-04-14 07:17 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 14:44 . 2012-04-03 14:44 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-04-03 14:44 . 2012-04-03 14:44 -------- d-----w- c:\program files (x86)\Java
2012-03-28 05:42 . 2012-03-28 05:42 -------- d-----w- c:\users\Byron\AppData\Roaming\Uniblue
2012-03-27 16:36 . 2012-03-28 05:39 -------- dc----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2012-03-27 05:45 . 2012-03-27 05:46 -------- d-----w- c:\programdata\SecTaskMan
2012-03-27 05:45 . 2012-03-27 05:45 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-03-19 12:39 . 2012-03-19 12:39 -------- d-----w- c:\program files (x86)\Uniblue
2012-03-19 12:39 . 2012-03-19 12:39 -------- d-----w- c:\users\Byron\AppData\Local\PackageAware
2012-03-19 10:41 . 2012-03-19 14:33 -------- d-----w- c:\users\Byron\AppData\Roaming\Registry Mechanic
2012-03-19 10:35 . 2011-10-25 20:44 40408 ----a-w- c:\windows\system32\CleanMFT64.exe
2012-03-19 10:35 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2012-03-19 10:35 . 2008-04-02 22:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2012-03-19 10:35 . 2008-04-02 22:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2012-03-19 10:35 . 2004-08-04 14:00 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2012-03-19 10:35 . 2008-09-18 04:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-03-19 10:35 . 2012-03-19 10:35 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-18 06:43 . 2012-04-04 06:46 -------- d-----w- c:\program files (x86)\DesktopCentral_Server
2012-03-18 00:59 . 2012-03-18 00:59 -------- d-----w- C:\$AVG
2012-03-17 23:50 . 2012-03-17 23:50 -------- d-----w- c:\users\Byron\AppData\Roaming\AVG2012
2012-03-17 23:47 . 2012-03-17 23:47 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-17 23:46 . 2012-03-19 01:37 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-17 23:46 . 2012-03-18 00:03 -------- d-----w- c:\programdata\AVG2012
2012-03-17 23:46 . 2012-03-17 23:46 -------- d-----w- c:\program files (x86)\AVG
2012-03-17 20:58 . 2012-03-17 20:58 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 20:58 . 2012-03-17 20:58 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 07:17 . 2011-09-16 01:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-03 14:44 . 2011-05-01 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-05 03:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-05 03:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-17 06:38 . 2012-03-13 17:19 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:19 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:19 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:19 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 02:20 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 02:20 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-09 13:13 . 2012-02-17 03:20 35648 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-09 13:13 . 2012-02-15 02:00 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-09 13:13 . 2012-02-17 03:20 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-02-09 13:13 . 2012-02-15 02:00 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-02-09 13:13 . 2012-02-15 02:00 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 02:20 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 17:19 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 17:19 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 17:19 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Starfield Updater"="c:\users\Byron\AppData\Local\Workspace\workspaceupdate.exe" [2012-03-18 34496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2988488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-10-25 103896]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
c:\users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Byron\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2000-3-22 12862]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2000-03-22 10:45 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DIRECTIO;DIRECTIO; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 136176]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver; [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]
R3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [x]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2012-02-21 1188624]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;c:\windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:17]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
- c:\users\Byron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-26 04:24]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
- c:\users\Byron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-26 04:24]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 05:29]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 05:29]
.
2012-04-15 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-03-28 06:47]
.
2012-04-15 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2012-03-19 14:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\bjib83g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\HP\HP Software Update\HPWUCli.exe
.
**************************************************************************
.
Completion time: 2012-04-15  10:41:47 - machine was rebooted
ComboFix-quarantined-files.txt  2012-04-15 17:41
.
Pre-Run: 70,302,765,056 bytes free
Post-Run: 71,459,684,352 bytes free
.
- - End Of File - - 9415648212E709D58953950F35ED43D6


#9 jeffce


Posted 12 April 2014 - 12:49 PM

Oh....you have CA Antivirus.....ComboFix can get a bit wonky with that.  Rather than having you uninstall it....please do the following:
 
FRST
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
----------


 
 

#10 Bperkins7468


Posted 12 April 2014 - 01:13 PM

Hi Jeff,

 

I don't use CA Antivirus. I didn't even know it was still on my system. I use Avast Antivirus. 

 

CA Antivirus doesn't show up in my Control Panel.


Edited by Bperkins7468, 12 April 2014 - 01:14 PM.



#11 jeffce


Posted 12 April 2014 - 04:49 PM

It was still showing up in the logs.  

 

To be on the safe side, go ahead with FRST and post the new log please.  :)


 
 

#12 Bperkins7468


Posted 12 April 2014 - 10:26 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by Byron (administrator) on BYRON-PC on 12-04-2014 21:25:01
Running from C:\Users\Byron\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
() C:\Users\Byron\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(BitTorrent Inc.) C:\Users\Byron\AppData\Roaming\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Byron\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-07] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Byron\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Run: [Amazon Cloud Player] - C:\Users\Byron\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Policies\Explorer: [NoInstrumentation] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3B23407861ECC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1024417699&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM-x32 - DefaultScope {D3245D6C-6383-4823-9EF2-FA463514A51C} URL = 
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...7-025031DC0501}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {9E94E40B-C742-41CB-BAC0-BD5D590DCCA5} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {B4D84896-6918-41DD-B848-1268BE62AF29} URL = https://www.google.c...q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} -  No File
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default
FF user.js: detected! => C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\user.js
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED&SSPV=
FF NewTab: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Byron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @starfield.com/off - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Byron\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\searchplugins\conduit-search.xml
FF Extension: WBE Paste - C:\Users\Byron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2011-06-14]
FF Extension: Workspace Email Zoom - C:\Users\Byron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2011-06-14]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-15]
 
Chrome: 
=======
CHR Extension: (avast! Online Security) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Byron\AppData\Local\funmoods.crx [2013-08-30]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Byron\AppData\Local\funmoods-speeddial_sf.crx [2013-08-30]
CHR HKCU\...\Chrome\Extension: [medkndcadfefmiifpnlapbeoajnjiahj] - C:\Users\Byron\AppData\Local\CRE\medkndcadfefmiifpnlapbeoajnjiahj.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [medkndcadfefmiifpnlapbeoajnjiahj] - C:\Users\Byron\AppData\Local\CRE\medkndcadfefmiifpnlapbeoajnjiahj.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Byron\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2013-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S4 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-07] (AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-10-25] (PC Tools)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-01-22] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1309696 2014-01-22] (Research In Motion Limited)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-13] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-03] (AVG Secure Search)
S4 avgfws; No ImagePath
S4 AVGIDSAgent; No ImagePath
S4 avgwd; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-07] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-07] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSDriver; No ImagePath
S4 AVGIDSHA; No ImagePath
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
S4 Avgrkx64; No ImagePath
S4 Avgtdia; No ImagePath
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
S3 catchme; No ImagePath
S3 DIRECTIO; No ImagePath
S2 eamonm; No ImagePath
S1 ehdrv; No ImagePath
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 massfilter; No ImagePath
S3 PCTINDIS5X64; No ImagePath
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R3 tmobile_mf691_dc_enum; C:\Windows\System32\DRIVERS\tmobile_mf691_dc_enum.sys [75776 2010-04-09] (T-Mobile)
S3 TuneUpUtilitiesDrv; No ImagePath
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated)
S3 ZTEusbMB; No ImagePath
S3 ZTEusbmdm6k; No ImagePath
S3 ZTEusbnmea; No ImagePath
S3 ZTEusbser6k; No ImagePath
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-12 21:24 - 2014-04-12 21:24 - 02157568 _____ (Farbar) C:\Users\Byron\Downloads\FRST64 (1).exe
2014-04-12 21:12 - 2014-04-12 21:12 - 00064837 _____ () C:\Users\Byron\Downloads\libsrpos_plugin-0.3.win.zip
2014-04-12 21:03 - 2014-04-12 21:10 - 00000000 ____D () C:\Users\Byron\Downloads\Suits.S03E16.720p.HDTV.x264-KILLERS [PublicHD]
2014-04-12 21:03 - 2014-04-12 21:03 - 00005886 _____ () C:\Users\Byron\Downloads\[kickass.to]suits.s03e16.720p.hdtv.x264.killers.publichd.torrent
2014-04-12 10:46 - 2014-04-12 10:46 - 00017133 _____ () C:\Users\Byron\Downloads\[kickass.to]hannibal.s02e07.hdtv.x264.lol.ettv.torrent
2014-04-11 22:55 - 2014-04-11 22:55 - 00221400 _____ () C:\Users\Byron\Downloads\[kickass.to]ufc.fight.night.40.nogueira.vs.nelson.720p.hdtv.x264.koenig.rartv.torrent
2014-04-11 22:54 - 2014-04-11 22:54 - 00014723 _____ () C:\Users\Byron\Downloads\[kickass.to]joe.2013.hdrip.xvid.ac3.aqos.torrent
2014-04-11 16:43 - 2014-04-11 16:43 - 01240576 _____ () C:\Users\Byron\Downloads\SanJose-Event-Promotion.ppt
2014-04-11 14:12 - 2014-04-11 14:12 - 00001404 _____ () C:\Users\Byron\Downloads\agent (5).jnlp
2014-04-11 14:08 - 2014-04-11 14:08 - 00001404 _____ () C:\Users\Byron\Downloads\agent (4).jnlp
2014-04-11 14:04 - 2014-04-11 14:04 - 00048707 _____ () C:\Users\Byron\Desktop\Addition.txt
2014-04-11 14:02 - 2014-04-12 21:25 - 00019897 _____ () C:\Users\Byron\Downloads\FRST.txt
2014-04-11 14:02 - 2014-04-11 14:03 - 00048707 _____ () C:\Users\Byron\Downloads\Addition.txt
2014-04-11 14:01 - 2014-04-12 21:25 - 00000000 ____D () C:\FRST
2014-04-11 14:00 - 2014-04-11 14:00 - 02157056 _____ (Farbar) C:\Users\Byron\Downloads\FRST64.exe
2014-04-11 13:57 - 2014-04-11 13:57 - 00027825 _____ () C:\ComboFix.txt
2014-04-11 13:57 - 2014-04-11 13:57 - 00001404 _____ () C:\Users\Byron\Downloads\agent (3).jnlp
2014-04-11 13:32 - 2014-04-11 13:32 - 05196025 ____R (Swearware) C:\Users\Byron\Downloads\ComboFix.exe
2014-04-11 12:11 - 2014-04-11 12:11 - 01056256 _____ () C:\Users\Byron\Desktop\NFL_ST_PROFIT_CALCULATOR.xls
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (2).jnlp
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (1).jnlp
2014-04-11 01:19 - 2014-04-11 01:19 - 00020502 _____ () C:\Users\Byron\Downloads\[kickass.to]the.amazing.race.s24e06.hdtv.x264.lol.eztv.torrent
2014-04-10 23:14 - 2014-04-10 23:14 - 00009606 _____ () C:\Users\Byron\Downloads\[kickass.to]the.blacklist.s01e18.hdtv.x264.lol.eztv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00045113 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e13.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00027753 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e14.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:11 - 2014-04-10 23:11 - 00025443 _____ () C:\Users\Byron\Downloads\[kickass.to]vikings.s02e07.hdtv.x264.excellence.ettv.torrent
2014-04-10 08:16 - 2014-04-10 08:16 - 00001404 _____ () C:\Users\Byron\Downloads\agent.jnlp
2014-04-09 22:10 - 2014-04-09 22:10 - 00000000 ____D () C:\Users\Byron\Documents\BLACKBERRY-C16E
2014-04-09 21:11 - 2014-04-09 21:12 - 00000000 ____D () C:\Users\Byron\AppData\Local\Amazon Cloud Player
2014-04-09 21:11 - 2014-04-09 21:11 - 00001212 _____ () C:\Users\Byron\Desktop\Amazon Cloud Player.lnk
2014-04-09 21:11 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-09 21:10 - 2014-04-09 21:11 - 36335656 _____ (Amazon) C:\Users\Byron\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-08 21:20 - 2014-03-30 18:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 21:20 - 2014-03-30 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 21:20 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 21:20 - 2014-03-30 16:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 21:19 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 21:19 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 21:19 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 21:19 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 21:19 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 21:19 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 21:19 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 21:19 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 21:19 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 21:19 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 21:19 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 21:19 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 11:04 - 2014-04-07 11:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 23:50 - 2014-04-06 23:50 - 03930783 _____ () C:\Users\Byron\Downloads\OnlineScanner.cab
2014-04-06 21:56 - 2014-04-06 21:56 - 00184282 _____ () C:\Users\Byron\Downloads\OTL.Txt
2014-04-06 21:41 - 2014-04-06 21:41 - 00602112 _____ (OldTimer Tools) C:\Users\Byron\Downloads\OTL.exe
2014-04-04 04:29 - 2014-04-11 13:47 - 00001700 _____ () C:\Windows\PFRO.log
2014-04-03 00:06 - 2014-04-03 00:06 - 00000875 _____ () C:\Users\Byron\Desktop\BitTorrent.lnk
2014-04-03 00:06 - 2014-04-03 00:06 - 00000855 _____ () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-04-03 00:04 - 2014-04-03 00:04 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent (1).exe
2014-04-02 02:22 - 2014-04-12 11:56 - 00003478 _____ () C:\Windows\setupact.log
2014-04-02 02:22 - 2014-04-02 02:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 15:23 - 2014-04-01 15:23 - 00225686 _____ () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm
2014-04-01 15:23 - 2014-04-01 15:23 - 00000000 ____D () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email_files
2014-04-01 10:22 - 2014-04-09 16:27 - 00112084 _____ () C:\Users\Byron\Desktop\Food 3 27 14.xlsx
2014-03-31 22:43 - 2014-03-31 22:43 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent.exe
2014-03-30 23:40 - 2014-03-30 23:40 - 00422256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 17:26 - 2014-03-30 17:27 - 06228992 _____ () C:\Users\Byron\Desktop\ACN_Comp.ppt
2014-03-30 17:12 - 2014-03-30 17:21 - 00000000 ____D () C:\Users\Byron\Desktop\Tools in Spanish
2014-03-29 02:00 - 2014-03-29 02:00 - 00110088 _____ () C:\Users\Byron\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-27 16:50 - 2014-04-11 16:00 - 00013058 _____ () C:\Users\Byron\Desktop\Pipeline Report (2).xlsx
2014-03-26 17:01 - 2014-04-11 16:51 - 00010159 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart (2).xlsx
2014-03-25 19:55 - 2014-03-25 19:55 - 08407552 _____ () C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps
2014-03-21 18:11 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-03-21 18:11 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-03-21 14:17 - 2014-03-21 14:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 14:16 - 2014-03-21 14:16 - 00000000 ____D () C:\Users\Byron\AppData\Local\SearchProtect
2014-03-19 08:18 - 2014-03-25 17:04 - 00117630 _____ () C:\Users\Byron\Desktop\Mar14 Leads..xlsx
2014-03-19 08:17 - 2014-03-25 17:03 - 00010136 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart.xlsx
2014-03-18 23:21 - 2014-04-01 15:13 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-03-18 23:21 - 2014-03-18 23:21 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Optimizer Pro
2014-03-18 13:15 - 2014-03-18 13:15 - 00002211 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-03-18 13:15 - 2014-03-18 13:15 - 00002185 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-03-18 13:14 - 2014-03-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-18 13:11 - 2014-03-18 13:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-03-18 12:13 - 2014-03-18 12:29 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Nero
2014-03-18 12:12 - 2014-03-18 12:12 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-03-18 12:03 - 2014-03-18 12:11 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-03-18 02:02 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\Byron\Documents\Optimizer Pro
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\IObit
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Program Files (x86)\Evonsoft Computer Repair
2014-03-17 20:34 - 2014-03-17 20:34 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Ahead
2014-03-17 13:43 - 2014-03-18 01:50 - 00000000 ____D () C:\Users\Byron\Downloads\Brain Sync - Attract Wealth
2014-03-16 22:13 - 2002-01-05 07:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-03-16 22:13 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-03-16 16:55 - 2014-03-16 16:56 - 00000000 ____D () C:\Users\Byron\Downloads\Cheetah DVD Burner 2.51 + Serial-[HB]
2014-03-15 18:09 - 2014-03-15 18:09 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\AVAST Software
2014-03-15 18:08 - 2014-04-07 11:04 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-15 18:08 - 2014-04-07 11:04 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-15 18:08 - 2014-04-07 11:04 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-15 18:07 - 2014-03-15 18:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-15 18:06 - 2014-03-15 18:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-13 00:54 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 00:54 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 00:54 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 00:54 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 00:54 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 00:54 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 00:54 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 00:54 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 00:54 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 00:54 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 00:54 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 00:54 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 00:54 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 00:54 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 00:54 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 00:54 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 00:54 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 00:54 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 00:54 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 00:54 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 00:54 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 00:54 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 00:54 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 00:54 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 00:54 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 00:54 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 00:54 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 00:54 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 00:54 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 00:54 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 00:54 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 00:54 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 00:54 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 00:54 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 00:54 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 00:54 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 00:51 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 00:51 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 00:51 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 00:50 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 00:45 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 00:45 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 00:45 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 00:45 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
 
==================== One Month Modified Files and Folders =======
 
2014-04-12 21:25 - 2014-04-11 14:02 - 00019897 _____ () C:\Users\Byron\Downloads\FRST.txt
2014-04-12 21:25 - 2014-04-11 14:01 - 00000000 ____D () C:\FRST
2014-04-12 21:25 - 2012-09-16 15:32 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\BitTorrent
2014-04-12 21:24 - 2014-04-12 21:24 - 02157568 _____ (Farbar) C:\Users\Byron\Downloads\FRST64 (1).exe
2014-04-12 21:17 - 2012-04-04 00:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-12 21:12 - 2014-04-12 21:12 - 00064837 _____ () C:\Users\Byron\Downloads\libsrpos_plugin-0.3.win.zip
2014-04-12 21:10 - 2014-04-12 21:03 - 00000000 ____D () C:\Users\Byron\Downloads\Suits.S03E16.720p.HDTV.x264-KILLERS [PublicHD]
2014-04-12 21:10 - 2011-06-24 23:24 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\vlc
2014-04-12 21:03 - 2014-04-12 21:03 - 00005886 _____ () C:\Users\Byron\Downloads\[kickass.to]suits.s03e16.720p.hdtv.x264.killers.publichd.torrent
2014-04-12 11:56 - 2014-04-02 02:22 - 00003478 _____ () C:\Windows\setupact.log
2014-04-12 10:46 - 2014-04-12 10:46 - 00017133 _____ () C:\Users\Byron\Downloads\[kickass.to]hannibal.s02e07.hdtv.x264.lol.ettv.torrent
2014-04-11 22:55 - 2014-04-11 22:55 - 00221400 _____ () C:\Users\Byron\Downloads\[kickass.to]ufc.fight.night.40.nogueira.vs.nelson.720p.hdtv.x264.koenig.rartv.torrent
2014-04-11 22:54 - 2014-04-11 22:54 - 00014723 _____ () C:\Users\Byron\Downloads\[kickass.to]joe.2013.hdrip.xvid.ac3.aqos.torrent
2014-04-11 16:51 - 2014-03-26 17:01 - 00010159 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart (2).xlsx
2014-04-11 16:43 - 2014-04-11 16:43 - 01240576 _____ () C:\Users\Byron\Downloads\SanJose-Event-Promotion.ppt
2014-04-11 16:00 - 2014-03-27 16:50 - 00013058 _____ () C:\Users\Byron\Desktop\Pipeline Report (2).xlsx
2014-04-11 14:18 - 2009-07-13 21:45 - 00010240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 14:18 - 2009-07-13 21:45 - 00010240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 14:12 - 2014-04-11 14:12 - 00001404 _____ () C:\Users\Byron\Downloads\agent (5).jnlp
2014-04-11 14:10 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 14:09 - 2000-03-22 03:27 - 01676591 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 14:08 - 2014-04-11 14:08 - 00001404 _____ () C:\Users\Byron\Downloads\agent (4).jnlp
2014-04-11 14:04 - 2014-04-11 14:04 - 00048707 _____ () C:\Users\Byron\Desktop\Addition.txt
2014-04-11 14:03 - 2014-04-11 14:02 - 00048707 _____ () C:\Users\Byron\Downloads\Addition.txt
2014-04-11 14:00 - 2014-04-11 14:00 - 02157056 _____ (Farbar) C:\Users\Byron\Downloads\FRST64.exe
2014-04-11 13:57 - 2014-04-11 13:57 - 00027825 _____ () C:\ComboFix.txt
2014-04-11 13:57 - 2014-04-11 13:57 - 00001404 _____ () C:\Users\Byron\Downloads\agent (3).jnlp
2014-04-11 13:57 - 2012-04-17 08:17 - 00000000 ____D () C:\Qoobox
2014-04-11 13:49 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-11 13:47 - 2014-04-04 04:29 - 00001700 _____ () C:\Windows\PFRO.log
2014-04-11 13:32 - 2014-04-11 13:32 - 05196025 ____R (Swearware) C:\Users\Byron\Downloads\ComboFix.exe
2014-04-11 12:11 - 2014-04-11 12:11 - 01056256 _____ () C:\Users\Byron\Desktop\NFL_ST_PROFIT_CALCULATOR.xls
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (2).jnlp
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (1).jnlp
2014-04-11 01:19 - 2014-04-11 01:19 - 00020502 _____ () C:\Users\Byron\Downloads\[kickass.to]the.amazing.race.s24e06.hdtv.x264.lol.eztv.torrent
2014-04-10 23:14 - 2014-04-10 23:14 - 00009606 _____ () C:\Users\Byron\Downloads\[kickass.to]the.blacklist.s01e18.hdtv.x264.lol.eztv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00045113 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e13.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00027753 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e14.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:11 - 2014-04-10 23:11 - 00025443 _____ () C:\Users\Byron\Downloads\[kickass.to]vikings.s02e07.hdtv.x264.excellence.ettv.torrent
2014-04-10 08:16 - 2014-04-10 08:16 - 00001404 _____ () C:\Users\Byron\Downloads\agent.jnlp
2014-04-09 22:40 - 2009-07-13 22:13 - 00006522 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 22:10 - 2014-04-09 22:10 - 00000000 ____D () C:\Users\Byron\Documents\BLACKBERRY-C16E
2014-04-09 21:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 21:12 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Local\Amazon Cloud Player
2014-04-09 21:11 - 2014-04-09 21:11 - 00001212 _____ () C:\Users\Byron\Desktop\Amazon Cloud Player.lnk
2014-04-09 21:11 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-09 21:11 - 2014-04-09 21:10 - 36335656 _____ (Amazon) C:\Users\Byron\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-09 16:27 - 2014-04-01 10:22 - 00112084 _____ () C:\Users\Byron\Desktop\Food 3 27 14.xlsx
2014-04-09 03:07 - 2011-04-30 00:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 03:05 - 2013-07-28 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 03:02 - 2011-04-30 20:52 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 18:54 - 2012-08-26 23:40 - 03742208 ___SH () C:\Users\Byron\Desktop\Thumbs.db
2014-04-07 11:04 - 2014-04-07 11:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-07 11:04 - 2014-03-15 18:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-07 11:04 - 2014-03-15 18:08 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-07 11:04 - 2014-03-15 18:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-06 23:50 - 2014-04-06 23:50 - 03930783 _____ () C:\Users\Byron\Downloads\OnlineScanner.cab
2014-04-06 21:56 - 2014-04-06 21:56 - 00184282 _____ () C:\Users\Byron\Downloads\OTL.Txt
2014-04-06 21:41 - 2014-04-06 21:41 - 00602112 _____ (OldTimer Tools) C:\Users\Byron\Downloads\OTL.exe
2014-04-06 21:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-03 00:06 - 2014-04-03 00:06 - 00000875 _____ () C:\Users\Byron\Desktop\BitTorrent.lnk
2014-04-03 00:06 - 2014-04-03 00:06 - 00000855 _____ () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-04-03 00:04 - 2014-04-03 00:04 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent (1).exe
2014-04-02 02:22 - 2014-04-02 02:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 15:23 - 2014-04-01 15:23 - 00225686 _____ () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm
2014-04-01 15:23 - 2014-04-01 15:23 - 00000000 ____D () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email_files
2014-04-01 15:13 - 2014-03-18 23:21 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-04-01 15:13 - 2013-11-11 19:33 - 00000000 ____D () C:\Users\Byron\AppData\Local\NativeMessaging
2014-04-01 15:13 - 2012-07-01 17:58 - 00000000 ____D () C:\Users\Byron\AppData\Local\Conduit
2014-03-31 22:43 - 2014-03-31 22:43 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent.exe
2014-03-31 17:47 - 2013-02-12 00:43 - 00000000 ___RD () C:\Users\Byron\Desktop\Jim Rohn
2014-03-31 12:00 - 2011-06-21 12:40 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Dropbox
2014-03-30 23:42 - 2011-06-21 12:44 - 00000000 ___RD () C:\Users\Byron\Dropbox
2014-03-30 23:42 - 2011-04-29 19:50 - 00000000 ___RD () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 23:40 - 2014-03-30 23:40 - 00422256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 18:16 - 2014-04-08 21:20 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 18:13 - 2014-04-08 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 17:27 - 2014-03-30 17:26 - 06228992 _____ () C:\Users\Byron\Desktop\ACN_Comp.ppt
2014-03-30 17:21 - 2014-03-30 17:12 - 00000000 ____D () C:\Users\Byron\Desktop\Tools in Spanish
2014-03-30 17:13 - 2014-04-08 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 16:57 - 2014-04-08 21:20 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 02:00 - 2014-03-29 02:00 - 00110088 _____ () C:\Users\Byron\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-25 19:55 - 2014-03-25 19:55 - 08407552 _____ () C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps
2014-03-25 17:04 - 2014-03-19 08:18 - 00117630 _____ () C:\Users\Byron\Desktop\Mar14 Leads..xlsx
2014-03-25 17:03 - 2014-03-19 08:17 - 00010136 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart.xlsx
2014-03-21 16:06 - 2011-04-29 19:50 - 00000000 ____D () C:\Users\Byron
2014-03-21 15:19 - 2012-03-17 16:46 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-21 15:12 - 2011-12-31 07:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-21 14:17 - 2014-03-21 14:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 14:16 - 2014-03-21 14:16 - 00000000 ____D () C:\Users\Byron\AppData\Local\SearchProtect
2014-03-20 22:49 - 2012-09-03 10:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
2014-03-20 22:49 - 2012-09-03 10:07 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
2014-03-20 22:47 - 2012-09-03 10:08 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA
2014-03-20 22:47 - 2012-09-03 10:08 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core
2014-03-20 22:28 - 2012-11-26 23:19 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
2014-03-20 22:28 - 2012-11-26 23:19 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
2014-03-19 20:24 - 2000-03-22 03:45 - 00003070 _____ () C:\Windows\System32\Tasks\ACMON
2014-03-19 20:19 - 2011-04-29 22:19 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-19 20:19 - 2011-04-29 22:19 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-19 20:13 - 2011-04-29 20:26 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Adobe
2014-03-19 20:13 - 2011-04-29 20:26 - 00000000 ____D () C:\Users\Byron\AppData\Local\Adobe
2014-03-18 23:21 - 2014-03-18 23:21 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Optimizer Pro
2014-03-18 23:15 - 2000-03-22 03:46 - 00003092 _____ () C:\Windows\System32\Tasks\WC3
2014-03-18 23:15 - 2000-03-22 03:45 - 00003112 _____ () C:\Windows\System32\Tasks\ASUSControlDeck
2014-03-18 23:15 - 2000-03-22 03:45 - 00003042 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-03-18 23:15 - 2000-03-22 03:45 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-03-18 23:15 - 2000-03-22 03:45 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS SmartLogon Console Sensor
2014-03-18 23:11 - 2012-11-26 23:19 - 00003916 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA
2014-03-18 23:11 - 2012-11-26 23:19 - 00003548 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core
2014-03-18 21:44 - 2012-01-08 22:30 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 21:44 - 2012-01-08 22:30 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 13:42 - 2014-03-18 13:11 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-03-18 13:42 - 2012-04-15 10:50 - 00000000 ____D () C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2014-03-18 13:42 - 2012-04-08 09:58 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\HpUpdate
2014-03-18 13:42 - 2012-03-11 01:29 - 00000000 ____D () C:\Users\Byron\AppData\Local\Downloaded Installations
2014-03-18 13:42 - 2012-02-14 18:58 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2014-03-18 13:42 - 2011-04-30 01:39 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-03-18 13:42 - 2011-04-30 00:39 - 00000000 ____D () C:\Users\Byron\AppData\Local\Microsoft Help
2014-03-18 13:34 - 2012-01-08 22:30 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-18 13:34 - 2012-01-08 22:30 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-18 13:17 - 2011-12-13 20:55 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-18 13:15 - 2014-03-18 13:15 - 00002211 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-03-18 13:15 - 2014-03-18 13:15 - 00002185 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-03-18 13:15 - 2014-03-18 13:14 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-18 13:14 - 2011-12-13 20:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\TuneUp Software
2014-03-18 12:29 - 2014-03-18 12:13 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Nero
2014-03-18 12:25 - 2000-03-22 03:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-18 12:12 - 2014-03-18 12:12 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-03-18 12:11 - 2014-03-18 12:03 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-03-18 12:06 - 2011-04-29 22:29 - 00000000 ____D () C:\ProgramData\Nero
2014-03-18 11:39 - 2014-03-02 23:42 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-03-18 02:02 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\Byron\Documents\Optimizer Pro
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\IObit
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Program Files (x86)\Evonsoft Computer Repair
2014-03-18 01:50 - 2014-03-17 13:43 - 00000000 ____D () C:\Users\Byron\Downloads\Brain Sync - Attract Wealth
2014-03-17 20:34 - 2014-03-17 20:34 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Ahead
2014-03-16 23:21 - 2011-05-01 01:33 - 00000000 ____D () C:\Windows\pss
2014-03-16 16:56 - 2014-03-16 16:55 - 00000000 ____D () C:\Users\Byron\Downloads\Cheetah DVD Burner 2.51 + Serial-[HB]
2014-03-16 16:36 - 2014-03-07 23:23 - 00000000 ____D () C:\Users\Byron\AppData\Local\Ahead
2014-03-15 21:13 - 2011-04-30 01:57 - 00000000 ____D () C:\Users\Byron\Documents\BlackBerry
2014-03-15 18:09 - 2014-03-15 18:09 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\AVAST Software
2014-03-15 18:07 - 2014-03-15 18:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-15 18:06 - 2014-03-15 18:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-15 17:17 - 2011-06-03 10:48 - 00007597 _____ () C:\Users\Byron\AppData\Local\Resmon.ResmonCfg
2014-03-13 18:10 - 2011-09-02 08:57 - 00000000 ____D () C:\Users\Byron\AppData\Local\Workspace
2014-03-13 03:21 - 2013-09-08 16:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:21 - 2013-09-08 16:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
 
ZeroAccess:
C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}
 
ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 
 
LastRegBack: 2014-04-09 21:42
 
==================== End Of Log ============================


#13 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 13 April 2014 - 10:06 AM

Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

----------


 
 

#14 Bperkins7468

Bperkins7468

    Authentic Member

  • Authentic Member
  • 92 posts

Posted 13 April 2014 - 11:22 AM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.OSNAF0
 ----- EOF ----- 


#15 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 14 April 2014 - 12:20 PM

Sorry for any delay... I have been swamped with work and school. I will have instructions for you tonight. :)


 
 
